Cybersecurity is a vast and varied field for government, especially when you consider budget and workforce shortages that can further strain cyber teams. However, many agencies are stepping up to the challenge and finding innovative ways to address cyberthreats. Broadly, there are four major cyber advancements we see across government.
The first is a focus on improving cybersecurity through automation, artificial Intelligence and machine learning. These three capabilities are often intertwined, with automation enabling agencies to perform actions with limited or no human intervention. Machine learning assists computers by using data to exponentially improve their results on a task, and AI allows machines to imitate functions humans classify as cognitive.
Together, these three capabilities accelerate the speed at which cyberthreats are addressed, while reducing cost and labor.
The federal government has recognized the potential of these three connected capabilities. In fact, Trump’s fiscal 2019 budget request made him the first president in history to list AI and autonomous vehicles as a research and development priority. State and local governments are also following suit with multiple agencies leveraging these capabilities to expedite and automate detection and mitigation of advanced cyberthreats.
But of course, we will never fully remove human expertise from cybersecurity field. That brings us to the second major focus of agencies today: developing the cyber workforce through innovative hiring and training.
Globally, projections suggest there will be a cybersecurity workforce shortage of 1.8 million by 2022, according to one government report. To fill those spots in the public sector, many agencies are considering new ways to hire talent.
For one, that same report suggested creating more entry-level cyber jobs. There are an abundance of mid-level openings but most of those require a bachelor’s or master’s degree and at least three years of experience. This suggests that creating more entry-level jobs would offer opportunities for acquiring and developing talent.
The federal government is also trying to better understand their current talent needs. As of now, there is no standardized, governmentwide assessment for validating employees’ skills, which can challenge hiring managers. Other roadblocks include competition from other agencies and private companies, hiring freezes and modest compensation packages. Agencies must find creative ways to overcome those obstacles and include more people into cybersecurity.
That brings us to a third focus. Many agencies are breaking down barriers and improving collaboration with DevSecOps. DevSecOps is a method of bridging the divide between development, security and operations teams. When those teams work together, they can ensure that agencies’ complex web of connected IT systems stay updated, running and secure all at the same time.
The focus of DevSecOps is on rapid, frequent delivery of secure infrastructure and software to production. The purpose is to create the mindset that everyone is responsible for security with the goal of safely distributing security decisions at speed and scale.
Finally, while DevSecOps integrates internal stakeholders, many agencies are finding the need to partner externally too. That’s why a fourth focus is strengthening cybersecurity through partnerships.
State and local governments are increasingly entering into cybersecurity partnerships that transcend physical boundaries. These alliances foster better information sharing, improved cooperation on cybersecurity challenges and increased dialogue about best practices.
For instance, 35 governors signed a compact in 2017 aimed at improving their states’ cyber defenses. “A Compact to Improve State Cybersecurity” pledges to improve states’ cybersecurity governance, prepare and defend them from cyberattacks, and grow the U.S. cybersecurity workforce.
These four advancements have a common theme: you can’t go it alone when it comes to government cybersecurity. You need partners, a skilled workforce, collaboration processes and advanced technologies to keep agencies safe. In our recent GovLoop Academy course, How to Act on Advancements in Cybersecurity, we explore next steps to take advantage of these innovations.